nuclei

mirror of https://github.com/projectdiscovery/nuclei.git synced 2026-01-31 15:53:10 +08:00

Author	SHA1	Message	Date
Dwi Siswanto	63aed75474	chore: bump version v3.6.2 Signed-off-by: Dwi Siswanto <git@dw1.io> v3.6.2	2025-12-31 09:30:28 +07:00
dependabot[bot]	4de2bdb883	chore(deps): bump the modules group with 10 updates (#6741 ) Bumps the modules group with 10 updates: \| Package \| From \| To \| \| --- \| --- \| --- \| \| [github.com/projectdiscovery/fastdialer](https://github.com/projectdiscovery/fastdialer) \| `0.5.0` \| `0.5.1` \| \| [github.com/projectdiscovery/hmap](https://github.com/projectdiscovery/hmap) \| `0.0.98` \| `0.0.99` \| \| [github.com/projectdiscovery/retryabledns](https://github.com/projectdiscovery/retryabledns) \| `1.0.111` \| `1.0.112` \| \| [github.com/projectdiscovery/retryablehttp-go](https://github.com/projectdiscovery/retryablehttp-go) \| `1.3.0` \| `1.3.1` \| \| [github.com/projectdiscovery/dsl](https://github.com/projectdiscovery/dsl) \| `0.8.9` \| `0.8.10` \| \| [github.com/projectdiscovery/gologger](https://github.com/projectdiscovery/gologger) \| `1.1.65` \| `1.1.66` \| \| [github.com/projectdiscovery/networkpolicy](https://github.com/projectdiscovery/networkpolicy) \| `0.1.32` \| `0.1.33` \| \| [github.com/projectdiscovery/useragent](https://github.com/projectdiscovery/useragent) \| `0.0.105` \| `0.0.106` \| \| [github.com/projectdiscovery/wappalyzergo](https://github.com/projectdiscovery/wappalyzergo) \| `0.2.60` \| `0.2.61` \| \| [github.com/projectdiscovery/cdncheck](https://github.com/projectdiscovery/cdncheck) \| `1.2.15` \| `1.2.16` \| Updates `github.com/projectdiscovery/fastdialer` from 0.5.0 to 0.5.1 - [Release notes](https://github.com/projectdiscovery/fastdialer/releases) - [Commits](https://github.com/projectdiscovery/fastdialer/compare/v0.5.0...v0.5.1) Updates `github.com/projectdiscovery/hmap` from 0.0.98 to 0.0.99 - [Release notes](https://github.com/projectdiscovery/hmap/releases) - [Commits](https://github.com/projectdiscovery/hmap/compare/v0.0.98...v0.0.99) Updates `github.com/projectdiscovery/retryabledns` from 1.0.111 to 1.0.112 - [Release notes](https://github.com/projectdiscovery/retryabledns/releases) - [Commits](https://github.com/projectdiscovery/retryabledns/compare/v1.0.111...v1.0.112) Updates `github.com/projectdiscovery/retryablehttp-go` from 1.3.0 to 1.3.1 - [Release notes](https://github.com/projectdiscovery/retryablehttp-go/releases) - [Commits](https://github.com/projectdiscovery/retryablehttp-go/compare/v1.3.0...v1.3.1) Updates `github.com/projectdiscovery/dsl` from 0.8.9 to 0.8.10 - [Release notes](https://github.com/projectdiscovery/dsl/releases) - [Commits](https://github.com/projectdiscovery/dsl/compare/v0.8.9...v0.8.10) Updates `github.com/projectdiscovery/gologger` from 1.1.65 to 1.1.66 - [Release notes](https://github.com/projectdiscovery/gologger/releases) - [Commits](https://github.com/projectdiscovery/gologger/compare/v1.1.65...v1.1.66) Updates `github.com/projectdiscovery/networkpolicy` from 0.1.32 to 0.1.33 - [Release notes](https://github.com/projectdiscovery/networkpolicy/releases) - [Commits](https://github.com/projectdiscovery/networkpolicy/compare/v0.1.32...v0.1.33) Updates `github.com/projectdiscovery/useragent` from 0.0.105 to 0.0.106 - [Release notes](https://github.com/projectdiscovery/useragent/releases) - [Commits](https://github.com/projectdiscovery/useragent/compare/v0.0.105...v0.0.106) Updates `github.com/projectdiscovery/wappalyzergo` from 0.2.60 to 0.2.61 - [Release notes](https://github.com/projectdiscovery/wappalyzergo/releases) - [Commits](https://github.com/projectdiscovery/wappalyzergo/compare/v0.2.60...v0.2.61) Updates `github.com/projectdiscovery/cdncheck` from 1.2.15 to 1.2.16 - [Release notes](https://github.com/projectdiscovery/cdncheck/releases) - [Commits](https://github.com/projectdiscovery/cdncheck/compare/v1.2.15...v1.2.16) --- updated-dependencies: - dependency-name: github.com/projectdiscovery/fastdialer dependency-version: 0.5.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/hmap dependency-version: 0.0.99 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/retryabledns dependency-version: 1.0.112 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/retryablehttp-go dependency-version: 1.3.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/dsl dependency-version: 0.8.10 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/gologger dependency-version: 1.1.66 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/networkpolicy dependency-version: 0.1.33 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/useragent dependency-version: 0.0.106 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/wappalyzergo dependency-version: 0.2.61 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/cdncheck dependency-version: 1.2.16 dependency-type: indirect update-type: version-update:semver-patch dependency-group: modules ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-12-31 09:18:45 +07:00
dependabot[bot]	02434b5537	chore(deps): bump actions/download-artifact in the workflows group (#6742 ) Bumps the workflows group with 1 update: [actions/download-artifact](https://github.com/actions/download-artifact). Updates `actions/download-artifact` from 6 to 7 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/v6...v7) --- updated-dependencies: - dependency-name: actions/download-artifact dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major dependency-group: workflows ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-12-31 02:13:42 +00:00
Dwi Siswanto	1eaecb633a	ci(compat-checks): use stable go-version (#6743 ) Signed-off-by: Dwi Siswanto <git@dw1.io>	2025-12-31 08:04:21 +07:00
Mzack9999	2d3168b79f	Merge pull request #6735 from projectdiscovery/dwisiswant0/fix/js/mysql-panic-due-to-missing-executionId-in-ctx fix(js): mysql panic due to missing `executionId` in ctx	2025-12-29 11:34:36 +04:00
Mzack9999	880898f312	Merge pull request #6739 from projectdiscovery/dwisiswant0/fix/flow/segfault-in-hasMatchers fix(flow): segfault in `hasMatchers`	2025-12-29 11:33:39 +04:00
Mzack9999	5500ceb877	Merge branch 'dev' into dwisiswant0/fix/flow/segfault-in-hasMatchers	2025-12-29 11:33:01 +04:00
Mzack9999	05ff121b76	Merge branch 'dev' into dwisiswant0/fix/js/mysql-panic-due-to-missing-executionId-in-ctx	2025-12-29 11:13:47 +04:00
Mzack9999	73ad95068c	Merge pull request #6737 from projectdiscovery/dwisiswant0/ci/tests/use-stable-go-version-for-release-test ci(tests): use stable go-version for release test	2025-12-29 01:11:21 +04:00
Dwi Siswanto	592b689b15	Revert "chore(flow): disable global recover handler" This reverts commit `0d4edc7841`.	2025-12-26 14:24:47 +07:00
Dwi Siswanto	22b64b6702	fix(flow): segfault in `hasMatchers` `hasMatchers` was not nil-safe when iterating over the slice of operators. Check if the operator is nil before accessing `*operators.Operators.Matchers` to prevent a panic when a protocol implementation returns a slice containing a nil element. This can happen when a request has no local matchers/extractors but is processed in a flow where global matchers are present. Fixes #6738. Signed-off-by: Dwi Siswanto <git@dw1.io>	2025-12-26 14:22:48 +07:00
Dwi Siswanto	8b3485abff	test(flow): add util tests Signed-off-by: Dwi Siswanto <git@dw1.io>	2025-12-26 14:11:43 +07:00
Dwi Siswanto	0d4edc7841	chore(flow): disable global recover handler Signed-off-by: Dwi Siswanto <git@dw1.io>	2025-12-26 13:49:00 +07:00
Dwi Siswanto	496a71aea1	ci(tests): use stable go-version for release test Signed-off-by: Dwi Siswanto <git@dw1.io>	2025-12-26 06:33:23 +07:00
Dwi Siswanto	49309b4ac8	chore(js): no staticcheck lint Signed-off-by: Dwi Siswanto <git@dw1.io>	2025-12-26 06:06:47 +07:00
Dwi Siswanto	22469bdc2f	chore(js): update memoized functions Signed-off-by: Dwi Siswanto <git@dw1.io>	2025-12-26 01:08:06 +07:00
Dwi Siswanto	12176d67a9	test(javascript): add mysql-connect integration test Signed-off-by: Dwi Siswanto <git@dw1.io>	2025-12-26 01:08:00 +07:00
Dwi Siswanto	0eb87c2621	fix(js): mysql panic due to missing `executionId` in ctx The `connectWithDSN` func used `db.Exec()` which implicitly uses `context.Background()`[1]. This caused the registered "nucleitcp" dialer callback to receive a ctx missing the `executionId`, leading to a panic during type assertion. Refactor `connectWithDSN` to accept `executionId` explicitly and use it to create a `context` for `db.PingContext()` (yeah, instead of `db.Exec()`). And, add a defensive check in the dialer callback to handle nil values gracefully. Fixes #6733 regression introduced in #6296. [1]: "Exec uses `context.Background` internally" - https://pkg.go.dev/database/sql#DB.Exec. Signed-off-by: Dwi Siswanto <git@dw1.io>	2025-12-25 17:16:49 +07:00
Dwi Siswanto	78e90e300d	ci: refactor workflows (#6728 ) Signed-off-by: Dwi Siswanto <git@dw1.io>	2025-12-25 02:35:44 +07:00
Mzack9999	5d79201299	fix(js): incorrect postgres exec call signature (#6731 ) Make sure postgres Exec/ExecContext are invoked with the correct argument order, preventing context from being passed as the query. * fixing pg syntax * adding test	2025-12-24 03:20:50 +07:00
dependabot[bot]	3fdc06bce3	chore(deps): bump the modules group with 6 updates Bumps the modules group with 6 updates: \| Package \| From \| To \| \| --- \| --- \| --- \| \| [github.com/projectdiscovery/fastdialer](https://github.com/projectdiscovery/fastdialer) \| `0.4.20` \| `0.5.0` \| \| [github.com/projectdiscovery/retryablehttp-go](https://github.com/projectdiscovery/retryablehttp-go) \| `1.1.1` \| `1.3.0` \| \| [github.com/projectdiscovery/dsl](https://github.com/projectdiscovery/dsl) \| `0.8.8` \| `0.8.9` \| \| [github.com/projectdiscovery/gologger](https://github.com/projectdiscovery/gologger) \| `1.1.64` \| `1.1.65` \| \| [github.com/projectdiscovery/wappalyzergo](https://github.com/projectdiscovery/wappalyzergo) \| `0.2.59` \| `0.2.60` \| \| [github.com/projectdiscovery/cdncheck](https://github.com/projectdiscovery/cdncheck) \| `1.2.14` \| `1.2.15` \| Updates `github.com/projectdiscovery/fastdialer` from 0.4.20 to 0.5.0 - [Release notes](https://github.com/projectdiscovery/fastdialer/releases) - [Commits](https://github.com/projectdiscovery/fastdialer/compare/v0.4.20...v0.5.0) Updates `github.com/projectdiscovery/retryablehttp-go` from 1.1.1 to 1.3.0 - [Release notes](https://github.com/projectdiscovery/retryablehttp-go/releases) - [Commits](https://github.com/projectdiscovery/retryablehttp-go/compare/v1.1.1...v1.3.0) Updates `github.com/projectdiscovery/dsl` from 0.8.8 to 0.8.9 - [Release notes](https://github.com/projectdiscovery/dsl/releases) - [Commits](https://github.com/projectdiscovery/dsl/compare/v0.8.8...v0.8.9) Updates `github.com/projectdiscovery/gologger` from 1.1.64 to 1.1.65 - [Release notes](https://github.com/projectdiscovery/gologger/releases) - [Commits](https://github.com/projectdiscovery/gologger/compare/v1.1.64...v1.1.65) Updates `github.com/projectdiscovery/wappalyzergo` from 0.2.59 to 0.2.60 - [Release notes](https://github.com/projectdiscovery/wappalyzergo/releases) - [Commits](https://github.com/projectdiscovery/wappalyzergo/compare/v0.2.59...v0.2.60) Updates `github.com/projectdiscovery/cdncheck` from 1.2.14 to 1.2.15 - [Release notes](https://github.com/projectdiscovery/cdncheck/releases) - [Commits](https://github.com/projectdiscovery/cdncheck/compare/v1.2.14...v1.2.15) --- updated-dependencies: - dependency-name: github.com/projectdiscovery/fastdialer dependency-version: 0.5.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: modules - dependency-name: github.com/projectdiscovery/retryablehttp-go dependency-version: 1.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: modules - dependency-name: github.com/projectdiscovery/dsl dependency-version: 0.8.9 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/gologger dependency-version: 1.1.65 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/wappalyzergo dependency-version: 0.2.60 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/cdncheck dependency-version: 1.2.15 dependency-type: indirect update-type: version-update:semver-patch dependency-group: modules ... Signed-off-by: dependabot[bot] <support@github.com>	2025-12-22 13:24:19 +00:00
Mzack9999	329a891069	test: add pwsh integration test (#6724 ) * adding pwsh tests * chore(cmd): rm template Signed-off-by: Dwi Siswanto <git@dw1.io> --------- Signed-off-by: Dwi Siswanto <git@dw1.io> Co-authored-by: Dwi Siswanto <git@dw1.io>	2025-12-22 01:41:40 +07:00
Mzack9999	c8c9967e18	Merge pull request #6723 from projectdiscovery/dwisiswant0/chore/deps/bump-utils-v0-8-0 chore(deps): bump projectdiscovery/utils@v0.8.0 to fix deadlock in `*httputil.ResponseChain`	2025-12-19 23:10:53 +04:00
Mzack9999	d19c364e38	Merge pull request #6718 from projectdiscovery/dwisiswant0/perf/generators/optimize-MergeMaps-to-reduce-allocs perf(generators): optimize `MergeMaps` to reduce allocs	2025-12-19 23:10:22 +04:00
Dwi Siswanto	0c125e2224	test(generators): update maps & options benchmarks Signed-off-by: Dwi Siswanto <git@dw1.io>	2025-12-20 01:02:16 +07:00
Dwi Siswanto	0ab06cc4bf	test: add maps, options, variables bench Signed-off-by: Dwi Siswanto <git@dw1.io>	2025-12-20 00:56:07 +07:00
Dwi Siswanto	7945b8591c	chore(deps): bump projectdiscovery/utils@v0.8.0 to fix deadlock in `*httputil.ResponseChain` Fixes #6720. Signed-off-by: Dwi Siswanto <git@dw1.io>	2025-12-20 00:16:01 +07:00
Dogan Can Bakir	664a01ee78	Merge pull request #6673 from projectdiscovery/dwisiswant0/chore/update-issue-and-pr-templates chore: update issue & PR templates	2025-12-19 21:41:46 +07:00
Dwi Siswanto	bb79a061bc	perf(generators): optimize `MergeMaps` to reduce allocs `MergeMaps` accounts for 11.41% of allocs (13.8 GB) in clusterbomb mode. With 1,305 combinations per target, this function is called millions of times in the hot path. RCA: * Request generator calls `MergeMaps` with single arg on every payload combination, incurring variadic overhead. * Build request merges same maps multiple times per request. * `BuildPayloadFromOptions` recomputes static CLI options on every call. * Variables calls `MergeMaps` $$2×N$$ times per variable evaluation (once in loop, once in `evaluateVariableValue`) Changes: Core optimizations in maps.go: * Pre-size merged map to avoid rehashing (30-40% reduction) * Add `CopyMap` for efficient single-map copy without variadic overhead. * Add `MergeMapsInto` for in-place mutation when caller owns destination. Hot path fixes: * Replace `MergeMaps(r.currentPayloads)` with `CopyMap(r.currentPayloads)` to eliminates allocation on every combination iteration. * Pre-allocate combined map once, extend in-place during `ForEach` loop instead of creating new map per variable (eliminates $$2×N$$ allocations per request). Caching with concurrency safety: * Cache `BuildPayloadFromOptions` computation in `sync.Map` keyed by `types.Options` ptr, but return copy to prevent concurrent modification. * Cost: shallow copy of ~10-20 entries vs. full merge of vars + env (85-90% savings in typical case) * Clear cache in `closeInternal()` to prevent memory leaks when SDK instances are created or destroyed. Estimated impact: 40-60% reduction in `MergeMaps` allocations (5.5-8.3 GB savings from original 13.8 GB). Safe for concurrent execution and SDK usage with multiple instances. Signed-off-by: Dwi Siswanto <git@dw1.io>	2025-12-19 20:19:43 +07:00
Ice3man	d48c2c38fa	feat(trackers): add site-url to optionally provide jira server URL for oauth (#6716 ) * feat: add site-url to optionally provide jira server URL for oauth * chore(cmd): add `site-url` config option Adds optional `site-url` field to JIRA issue tracker configuration for specifying browsable URL when it differs from the API endpoint. This is particularly useful for OAuth-based JIRA Cloud integrations where `issue.Self` contains "api.atlassian.com" instead of the user-facing domain. Signed-off-by: Dwi Siswanto <git@dw1.io> --------- Signed-off-by: Dwi Siswanto <git@dw1.io> Co-authored-by: Dwi Siswanto <git@dw1.io>	2025-12-18 23:47:45 +07:00
Dwi Siswanto	e25279255a	chore: update bug report template Signed-off-by: Dwi Siswanto <git@dw1.io>	2025-12-18 23:09:51 +07:00
Mzack9999	c80ac99a34	Merge pull request #6713 from projectdiscovery/dwisiswant0/feat/enable-TLS-session-cache-for-client-pool feat: enable TLS session cache for client pool	2025-12-18 14:00:58 +04:00
Mzack9999	2d4459d050	Merge pull request #6712 from projectdiscovery/dwisiswant0/fix/trackers/add-gitlab-paginated-dup-issue-search fix(trackers): add gitlab paginated dup issue search	2025-12-18 13:55:59 +04:00
Dwi Siswanto	e3d32584ff	feat: enable TLS session cache for client pool This patch enables TLS session resumption by setting a shared LRU session cache (`ClientSessionCache`) in all HTTP client TLS configs. This reduces handshake overhead and CPU usage for repeated conns to the same host, improving throughput and efficiency in clusterbomb/pitchfork modes. This applied to HTTP-request-based and headless- request-based protocols. No runtime/compatibility impact. Signed-off-by: Dwi Siswanto <git@dw1.io>	2025-12-18 05:39:02 +07:00
Dwi Siswanto	39a07ca15e	fix(trackers): add gitlab paginated dup issue search with configurable limits This patch fixes duplicate issue detection for GitLab trackers by implementing paginated search with configurable page size and max pages. Adds `duplicate-issue-page-size` and `duplicate-issue-max-pages` options to the config. Fixes #6711. Signed-off-by: Dwi Siswanto <git@dw1.io>	2025-12-18 00:29:38 +07:00
Leon Jacobs	a7df69749e	fix(trackers): paginate gitea to find all issues when searching for duplicates (#6707 ) * (fix) paginate to find all issues when searching for duplicates * (feat) add configurable limits for perpage and total pages	2025-12-18 00:26:19 +07:00
Dwi Siswanto	746a05dac5	fix(javascript): restore exec for templates w/o `Port` arg (#6709 ) Restore backwards compat for JavaScript protocol templates that omit the `Port` argument. Regression was introduced in `f4f2e9f2`, which removed the fallback for empty `Port` in `(*Request).ExecuteWithResults`, causing templates without `Port` to be silently skipped. Now, if no `Port` is specified, the engine executes the JavaScript block using the target URL's port. Fixes #6708. Signed-off-by: Dwi Siswanto <git@dw1.io>	2025-12-17 22:07:14 +07:00
Dwi Siswanto	b3706070ab	chore: bump version v3.6.1 Signed-off-by: Dwi Siswanto <git@dw1.io> v3.6.1	2025-12-16 03:41:05 +07:00
dependabot[bot]	755c9785b1	chore(deps): bump the modules group with 7 updates (#6698 ) Bumps the modules group with 7 updates: \| Package \| From \| To \| \| --- \| --- \| --- \| \| [github.com/projectdiscovery/retryablehttp-go](https://github.com/projectdiscovery/retryablehttp-go) \| `1.1.0` \| `1.1.1` \| \| [github.com/projectdiscovery/dsl](https://github.com/projectdiscovery/dsl) \| `0.8.7` \| `0.8.8` \| \| [github.com/projectdiscovery/gologger](https://github.com/projectdiscovery/gologger) \| `1.1.63` \| `1.1.64` \| \| [github.com/projectdiscovery/httpx](https://github.com/projectdiscovery/httpx) \| `1.7.3` \| `1.7.4` \| \| [github.com/projectdiscovery/networkpolicy](https://github.com/projectdiscovery/networkpolicy) \| `0.1.31` \| `0.1.32` \| \| [github.com/projectdiscovery/wappalyzergo](https://github.com/projectdiscovery/wappalyzergo) \| `0.2.58` \| `0.2.59` \| \| [github.com/projectdiscovery/cdncheck](https://github.com/projectdiscovery/cdncheck) \| `1.2.13` \| `1.2.14` \| Updates `github.com/projectdiscovery/retryablehttp-go` from 1.1.0 to 1.1.1 - [Release notes](https://github.com/projectdiscovery/retryablehttp-go/releases) - [Commits](https://github.com/projectdiscovery/retryablehttp-go/compare/v1.1.0...v1.1.1) Updates `github.com/projectdiscovery/dsl` from 0.8.7 to 0.8.8 - [Release notes](https://github.com/projectdiscovery/dsl/releases) - [Commits](https://github.com/projectdiscovery/dsl/compare/v0.8.7...v0.8.8) Updates `github.com/projectdiscovery/gologger` from 1.1.63 to 1.1.64 - [Release notes](https://github.com/projectdiscovery/gologger/releases) - [Commits](https://github.com/projectdiscovery/gologger/compare/v1.1.63...v1.1.64) Updates `github.com/projectdiscovery/httpx` from 1.7.3 to 1.7.4 - [Release notes](https://github.com/projectdiscovery/httpx/releases) - [Commits](https://github.com/projectdiscovery/httpx/compare/v1.7.3...v1.7.4) Updates `github.com/projectdiscovery/networkpolicy` from 0.1.31 to 0.1.32 - [Release notes](https://github.com/projectdiscovery/networkpolicy/releases) - [Commits](https://github.com/projectdiscovery/networkpolicy/compare/v0.1.31...v0.1.32) Updates `github.com/projectdiscovery/wappalyzergo` from 0.2.58 to 0.2.59 - [Release notes](https://github.com/projectdiscovery/wappalyzergo/releases) - [Commits](https://github.com/projectdiscovery/wappalyzergo/compare/v0.2.58...v0.2.59) Updates `github.com/projectdiscovery/cdncheck` from 1.2.13 to 1.2.14 - [Release notes](https://github.com/projectdiscovery/cdncheck/releases) - [Commits](https://github.com/projectdiscovery/cdncheck/compare/v1.2.13...v1.2.14) --- updated-dependencies: - dependency-name: github.com/projectdiscovery/retryablehttp-go dependency-version: 1.1.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/dsl dependency-version: 0.8.8 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/gologger dependency-version: 1.1.64 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/httpx dependency-version: 1.7.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/networkpolicy dependency-version: 0.1.32 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/wappalyzergo dependency-version: 0.2.59 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/cdncheck dependency-version: 1.2.14 dependency-type: indirect update-type: version-update:semver-patch dependency-group: modules ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-12-15 19:08:08 +07:00
Mzack9999	c73906b405	Merge pull request #6691 from stringscut/dev chore: execute goimports to format the code	2025-12-15 14:37:56 +04:00
Mzack9999	8891d70d42	Merge pull request #6687 from projectdiscovery/dwisiswant0/fix/headless/data-race-when-reading-page-history fix(headless): data race when reading page history	2025-12-15 13:13:23 +04:00
dependabot[bot]	ebfd2f2992	chore(deps): bump the workflows group with 2 updates Bumps the workflows group with 2 updates: [actions/upload-artifact](https://github.com/actions/upload-artifact) and [actions/cache](https://github.com/actions/cache). Updates `actions/upload-artifact` from 5 to 6 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v5...v6) Updates `actions/cache` from 4 to 5 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/v4...v5) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: workflows - dependency-name: actions/cache dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: workflows ... Signed-off-by: dependabot[bot] <support@github.com>	2025-12-15 09:12:12 +00:00
Dwi Siswanto	e74355344d	chore(deps): bump fastdialer@v0.4.20 to fix >10s delays (#6688 ) Signed-off-by: Dwi Siswanto <git@dw1.io>	2025-12-14 23:44:06 +07:00
Mzack9999	b49beef554	improving update template + empty folder edge case (#6573 ) * improving update template + empty folder edge case * lint * index cleanup * cleaning path * win fix * fix * chore(cmd): rm templates Signed-off-by: Dwi Siswanto <git@dw1.io> --------- Signed-off-by: Dwi Siswanto <git@dw1.io> Co-authored-by: Dwi Siswanto <git@dw1.io>	2025-12-14 23:35:22 +07:00
Dwi Siswanto	cf3b5bf449	fix: body loss on retries/redirects in remaining paths (#6693 ) Continue the fix from #6666 by converting remaining direct Body assignments to use setter methods: * pkg/fuzz/component/body.go:139: use `SetBodyReader()` in transfer-encoding path. * pkg/protocols/http/request.go:694: use `SetBodyString()` in fuzz component `Rebuild()`. Fixes #6692. Signed-off-by: Dwi Siswanto <git@dw1.io>	2025-12-13 22:37:39 +07:00
Dwi Siswanto	b63a23bd5c	fix(http): pass `dynamicValues` to `EvaluateWithInteractsh` (#6685 ) * fix(http): pass `dynamicValues` to `EvaluateWithInteractsh` When `LazyEval` is true (triggered by `variables` containing `BaseURL`, `Hostname`, `interactsh-url`, etc.), variable expressions are not eval'ed during YAML parsing & remain as raw exprs like "{{rand_base(5)}}". At request build time, `EvaluateWithInteractsh()` checks if a variable already has a value in the passed map before re-evaluating its expression. But, `dynamicValues` (which contains the template context with previously eval'ed values) was not being passed, causing exprs like `rand_` to be re-evaluated on each request, producing different values. Fixes #6684 by including `dynamicValues` in the map passed to `EvaluateWithInteractsh()`, so variables evaluated in earlier requests retain their values in subsequent requests. Signed-off-by: Dwi Siswanto <git@dw1.io> chore(http): rm early eval in `(Request).ExecuteWithResults()` Signed-off-by: Dwi Siswanto <git@dw1.io> test: adds variables-threads-previous integration test Signed-off-by: Dwi Siswanto <git@dw1.io> * test: adds constants-with-threads integration test Signed-off-by: Dwi Siswanto <git@dw1.io> * test: adds race-with-variables integration test Signed-off-by: Dwi Siswanto <git@dw1.io> --------- Signed-off-by: Dwi Siswanto <git@dw1.io>	2025-12-12 14:37:59 +07:00
stringscut	7fb1fe7bf2	chore: execute goimports to format the code Signed-off-by: stringscut <stringscut@outlook.jp>	2025-12-12 15:10:22 +08:00
Dwi Siswanto	3e93996471	fix(headless): data race when reading page history The `(Page).HistoryData` was being read w/o holding the mutex lock after `(Page).ExecuteActions()` returns, while the background hijack goroutine could still be writing to it via `(*Page).addToHistory()`. Copy the first history item by value while holding RLock to avoid racing with concurrent append ops. Fixes #6686. Signed-off-by: Dwi Siswanto <git@dw1.io>	2025-12-11 05:57:28 +07:00
Dwi Siswanto	8e535f625d	fix(http): cache resp strings to reduce memory allocs (#6679 ) Prev, `FullResponseString()`, `BodyString()`, and `HeadersString()` were called multiple times per HTTP response iteration, each call allocating a new string copy of the response data. For a 10MB response, this resulted in ~60MB of redundant string allocs/response (6 calls x 10MB). Cache the string representations once per `Fill()` cycle and reuse them throughout the response processing loop. This reduces allocs from 6 to 3 per response, cutting memory usage by ~50% for response string handling. Profiling showed these functions accounting for ~89% of heap allocs (5.7GB out of 6.17GB) during large scans. Signed-off-by: Dwi Siswanto <git@dw1.io>	2025-12-10 18:25:18 +07:00
dependabot[bot]	93fb595fc1	chore(deps): bump the modules group with 10 updates Bumps the modules group with 10 updates: \| Package \| From \| To \| \| --- \| --- \| --- \| \| [github.com/projectdiscovery/fastdialer](https://github.com/projectdiscovery/fastdialer) \| `0.4.18` \| `0.4.19` \| \| [github.com/projectdiscovery/hmap](https://github.com/projectdiscovery/hmap) \| `0.0.97` \| `0.0.98` \| \| [github.com/projectdiscovery/retryabledns](https://github.com/projectdiscovery/retryabledns) \| `1.0.110` \| `1.0.111` \| \| [github.com/projectdiscovery/dsl](https://github.com/projectdiscovery/dsl) \| `0.8.6` \| `0.8.7` \| \| [github.com/projectdiscovery/gologger](https://github.com/projectdiscovery/gologger) \| `1.1.62` \| `1.1.63` \| \| [github.com/projectdiscovery/httpx](https://github.com/projectdiscovery/httpx) \| `1.7.2` \| `1.7.3` \| \| [github.com/projectdiscovery/networkpolicy](https://github.com/projectdiscovery/networkpolicy) \| `0.1.30` \| `0.1.31` \| \| [github.com/projectdiscovery/useragent](https://github.com/projectdiscovery/useragent) \| `0.0.104` \| `0.0.105` \| \| [github.com/projectdiscovery/wappalyzergo](https://github.com/projectdiscovery/wappalyzergo) \| `0.2.57` \| `0.2.58` \| \| [github.com/projectdiscovery/cdncheck](https://github.com/projectdiscovery/cdncheck) \| `1.2.12` \| `1.2.13` \| Updates `github.com/projectdiscovery/fastdialer` from 0.4.18 to 0.4.19 - [Release notes](https://github.com/projectdiscovery/fastdialer/releases) - [Commits](https://github.com/projectdiscovery/fastdialer/compare/v0.4.18...v0.4.19) Updates `github.com/projectdiscovery/hmap` from 0.0.97 to 0.0.98 - [Release notes](https://github.com/projectdiscovery/hmap/releases) - [Commits](https://github.com/projectdiscovery/hmap/compare/v0.0.97...v0.0.98) Updates `github.com/projectdiscovery/retryabledns` from 1.0.110 to 1.0.111 - [Release notes](https://github.com/projectdiscovery/retryabledns/releases) - [Commits](https://github.com/projectdiscovery/retryabledns/compare/v1.0.110...v1.0.111) Updates `github.com/projectdiscovery/dsl` from 0.8.6 to 0.8.7 - [Release notes](https://github.com/projectdiscovery/dsl/releases) - [Commits](https://github.com/projectdiscovery/dsl/compare/v0.8.6...v0.8.7) Updates `github.com/projectdiscovery/gologger` from 1.1.62 to 1.1.63 - [Release notes](https://github.com/projectdiscovery/gologger/releases) - [Commits](https://github.com/projectdiscovery/gologger/compare/v1.1.62...v1.1.63) Updates `github.com/projectdiscovery/httpx` from 1.7.2 to 1.7.3 - [Release notes](https://github.com/projectdiscovery/httpx/releases) - [Commits](https://github.com/projectdiscovery/httpx/compare/v1.7.2...v1.7.3) Updates `github.com/projectdiscovery/networkpolicy` from 0.1.30 to 0.1.31 - [Release notes](https://github.com/projectdiscovery/networkpolicy/releases) - [Commits](https://github.com/projectdiscovery/networkpolicy/compare/v0.1.30...v0.1.31) Updates `github.com/projectdiscovery/useragent` from 0.0.104 to 0.0.105 - [Release notes](https://github.com/projectdiscovery/useragent/releases) - [Commits](https://github.com/projectdiscovery/useragent/compare/v0.0.104...v0.0.105) Updates `github.com/projectdiscovery/wappalyzergo` from 0.2.57 to 0.2.58 - [Release notes](https://github.com/projectdiscovery/wappalyzergo/releases) - [Commits](https://github.com/projectdiscovery/wappalyzergo/compare/v0.2.57...v0.2.58) Updates `github.com/projectdiscovery/cdncheck` from 1.2.12 to 1.2.13 - [Release notes](https://github.com/projectdiscovery/cdncheck/releases) - [Commits](https://github.com/projectdiscovery/cdncheck/compare/v1.2.12...v1.2.13) --- updated-dependencies: - dependency-name: github.com/projectdiscovery/fastdialer dependency-version: 0.4.19 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/hmap dependency-version: 0.0.98 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/retryabledns dependency-version: 1.0.111 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/dsl dependency-version: 0.8.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/gologger dependency-version: 1.1.63 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/httpx dependency-version: 1.7.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/networkpolicy dependency-version: 0.1.31 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/useragent dependency-version: 0.0.105 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/wappalyzergo dependency-version: 0.2.58 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/cdncheck dependency-version: 1.2.13 dependency-type: indirect update-type: version-update:semver-patch dependency-group: modules ... Signed-off-by: dependabot[bot] <support@github.com>	2025-12-08 12:52:59 +00:00

1 2 3 4 5 ...

6046 Commits